mbedtls_rsa_rsassa_pss_verify_ext() function
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY). The hash function for the MGF mask generating function is that specified in \p mgf1_hash_id.
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
mbedtls_md_type_t mgf1_hash_id,
int expected_salt_len,
const unsigned char *sig );
Arguments
ctx
The initialized RSA public key context to use.
f_rng
The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. Otherwise, it is ignored.
p_rng
The RNG context to be passed to \p f_rng. This may be \c NULL if \p f_rng is \c NULL or doesn't need a context.
mode
The mode of operation. This must be either #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
md_alg
The message-digest algorithm used to hash the original data. Use #MBEDTLS_MD_NONE for signing raw data.
hashlen
The length of the message digest. This is only used if \p md_alg is #MBEDTLS_MD_NONE.
hash
The buffer holding the message digest or raw data. If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable buffer of length \p hashlen Bytes. If \p md_alg is not #MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to \p md_alg.
mgf1_hash_id
The message digest used for mask generation.
expected_salt_len
The length of the salt used in padding. Use #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
sig
The buffer holding the signature. This must be a readable buffer of length \c ctx->len Bytes. For example, \c 256 Bytes for an 2048-bit RSA modulus.
Return value
\c 0 if the verify operation was successful. An \c MBEDTLS_ERR_RSA_XXX error code on failure.
Notes
The \p sig buffer must be as large as the size of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. The \p hash_id in the RSA context is ignored.